A single global authority is not sufficient to regulate heterogenous agents in multiagent systems based on distributed architectures, due to idiosyncratic local situations and to the need to regulate new issues as soon as they arise. On the one hand institutions should be structured as normative systems with a hierarchy of authorities able to cope with the dynamics of local situations, but on the other hand higher authorities should be able to delimit the autonomy of lower authorities to issue valid norms. In this paper, we study the interplay of obligations and strong permissions in the context of hierarchies of authorities using input/output logic, because its explicit norm base facilitates reasoning about norm base maintenance, and it covers a variety of conditional obligations and permissions. We combine the logic with constraints, priorities and hierarchies of authorities. In this setting, we observe that Makinson and van der Torre’s notion of prohibition immunity for permissions is no longer sufficient, and we introduce a new notion of permission as exception and a new distinction between static and dynamic norms. We show how strong permissions can dynamically change an institution by adding exceptions to obligations, provide an explicit representation of what is permitted to the subjects of the normative system and allow higher level authorities to limit the power of lower level authorities to change the normative system.